confused with unlang

Wayne Lee linkconnect at googlemail.com
Wed Oct 20 17:19:06 CEST 2010 

Hello

I'm getting myself confused with unlang and hoping somebody can help.
I have read the docs but just don't fully get it.
I'm trying to filter requests by part of the calling-station-id and
update/rewrite the reply depending on what group it is in. The below
is what I've got in the config


post-auth {

if(Calling-Station-Id >= "foo") {
        if(SQL-Group == "SR1"){
                update reply {
                Tunnel-Server-Endpoint := 192.168.1.1
                Tunnel-Type := L2TP
                Tunnel-Medium-Type := IP
                Cisco-AVPair := vpdn:tunnel-id=provider.net
                Cisco-AVPair := vpdn:l2tp-tunnel-password=abc
                Framed-Protocol -= PPP
                Service-Type -= Framed-User
                Port-Limit -= 32
                }
        }
}


if(Calling-Station-Id >= "bar") {
        if(SQL-Group == "SR1"){
                update reply {
                Tunnel-Server-Endpoint := 192.168.1.2
                Tunnel-Type := L2TP
                Tunnel-Medium-Type := IP
                Cisco-AVPair := vpdn:tunnel-id=provider.net
                Cisco-AVPair := vpdn:l2tp-tunnel-password=abc
                Framed-Protocol -= PPP
                Service-Type -= Framed-User
                Port-Limit -= 32
                }
        }
}

The provider is sending "foo" or "bar" (depends on the LTS) and a ID
number in the calling-station-id which is why I used ">=". The request
is accepted and the reply is updated as expected. The trouble I'm
having now is that if the users are not in group SR1 I need to reply
with the below.

Tunnel-Server-Endpoint := 172.16.1.1
Tunnel-Type := L2TP
Tunnel-Medium-Type := IP
Cisco-AVPair := vpdn:tunnel-id=provider.net
Cisco-AVPair := vpdn:l2tp-tunnel-password=abc
Framed-Protocol -= PPP
Service-Type -= Framed-User
Port-Limit -= 32

Further to that, when the provider sends bar and the user is not in
group SR1 i need to reply with a different tunnel-server-endpoint.
I understand why it's not working due to the use of ">=" but I don't
know how to fix it, I've tried using else statements/clauses but I'm
lost. We are using multiple LNS's (some dedicated for customers or
service).

Also is it possible to define multiple groups in the SQL-Group section
otherwise I can see the config becoming a mess?

Thanks for reading


Wayne

More information about the Freeradius-Users mailing list